On “de-GAFAMization” and “de-Googlization”

I was recently struck by a post by Diane Touré (@DianeToure), brought to my attention by Arnaud Velten (@bizcom), entitled:

How to “de-GAFAMize” and take back control of your online life?

The title of this post really struck me, and so did the drawing, a bit as if we, the ordinary citizens of the Net, were the pariahs of this “GAFAMized”, “NSA-ized”, globally surveilled digital society.

Then, thinking it over and reading the advice and proposals for “de-Googlizing” oneself, I tell myself that the situation is clearly not normal. Why should it be up to us, the ordinary citizens of the Net, to make up for the obvious failings of these providers of systems and services? It is a bit as if we were in the maquis, in occupied territory, or in a village of indomitable NETois.

No! I protest vigorously against this state of affairs, and I maintain that it is our duty as responsible citizens of the Net to demand that providers of digital systems and services adopt a stance of Responsible Design, offering by default a level of trust that places the weakest party, that is, US, the citizens of the Net, in a clear position of security and confidence regarding the use made of our data. This is broadly the idea defended toward the end of this book on Digital Responsibility, which proposes a sustainable design charter and an open label usable by all designers of responsible systems and services, the whole placed under the safeguard of the multitude thanks to the transparency that digital technology offers. Implementing such a proposal is part of the discussions and work undertaken by the ThinkGroup Cloud Societal Responsibility of ThinkServices.

If the business world has managed to take the step of Social Responsibility, it has now become essential to take a similar step toward Digital Responsibility, for a society that is more respectful of our rights and freedoms and, above all, that does not try to put the immense majority of Net citizens into technical ghettos.

Let us be digitally demanding and responsible! Let us show the GAFAs and other “too fat to change” players that they are the ones who must change, not us.

Internet Access : Finally A Fundamental Human Right according to UN Special Rapporteur Frank La Rue

Borrowing from the phrase of Armstrong: That’s one small step for the UN, one giant leap for the Internet!

Frank La Rue, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression released his report (22 pages well worth reading) submitted to the 17th session of the Human Rights Council on the “key trends and challenges to the right of all individuals to seek, receive and impart information and ideas of all kinds through the Internet”.

His conclusions and recommendations are clear and call for no further argument. In a nutshell : Internet Access is a fundamental human right. Now maybe we can move on with the real discussions and issues on how to creatively address some of these global problems currently hampered by ridiculous territorially bound legislations that have been hijacked by lobbies and industry led pressure groups.

So long HADOPI, ACTA, Protect IP Act, etc. Long live the Internet ! and let’s get to work, we’ve got a responsible digital society to build… Time for Responsibility 2.0 : towards A new World Order ?

DECE UltraViolet: Eventually solving (half of?) the digital media entertainment business

As every year CES rolls out its share of news and new products in the consumer electronics business. Among them this year one that may well represent a significant step forward in the digital media distribution and rights management business : DECE’s UltraViolet design completion and deployment roadmap.

Basically, the idea behind UltraViolet is one that’s been floating around for a long long time now but was regularly shelved or discarded due to the inability of the market actors in and across the industry to reach any form of agreement and particularly to acknowledge the essential driver in this market : The Users and the corresponding User Experience. So, the basic idea behind UltraViolet is the cloud based digital locker for content and rights licenses (check out a promotional video for UltraViolet)

Why might it work ? Well, the answer is fairly simple : DECE (Digital Entertainment Content Ecosystem) which is a cross-industry consortium of over 50 companies (and growing) committed to make UltraViolet the next generation standard for rich media experience where the users will get the flexibility and user experience they’ve been denied for over a decade now. With UltraViolet, users will be able to download, stream, share and even get copies for use on physical media, basically covering a great deal of the average user needs in terms of interoperability and user experience.

So, all this sounds like a dream come true ! BUT this might actually only address half (if not less) of the issues. The two major problems in this industry were : User Experience (technical issue) and Business Models. Solving the former through a global (more or less, Apple and Disney are missing!) technical agreement on a common file format is a good start. But the business model side remains an open issue. And history has shown the poor ability of the entertainment industry to be creative in this space.

Moreover, UltraViolet has a pretty precise idea of what a typical user or household wants, uses, needs and is. UltraViolet accounts will be limited to 12 devices, 6 people households and 3 streams in parallel. This is insane !

Finally, and not of least importance is the whole anonymity issue. This approach, allowing for massive monitoring of usage will definitely benefit every actor of the ecosystem except probably the users. Or in other words, assuming such a service cannot offer anonymity for obvious reasons, how will the commercial actors value this in the business models for the users ? There’s a difference between knowing a given movie was or is being viewed and knowing that a specifically identified person is watching this movie and knowing nothing except a piece of content was bought on a given date. These three situations require different pricing ! How much do we value the information we release knowingly or not ? Not much I must say.

For these reasons, (and don’t get me wrong I’m very excited to see how this works out) I remain cautious on the actual solution. The above mentioned issues are important and will need to be addressed and fine tuned. The digital locker is definitely the right way to go for two reasons : technical interoperability (i.e., user experience) and Green IT issues allowing to reduce the amount of storage, waste of bandwidth and energy used for shifting around the world millions of copies of the same content.

At the end of the day, given the right business model and a decent user experience, users are likely to adopt many solutions and services. iTunes remains among the most notable examples of this. Preserving anonymity, complying with personal information regulations around the world and offering the users the ability to unilaterally claim their right to do something without being bothered by technology are key properties that still drive my own research in this fascinating domain. (Comments and reactions welcome 😉)

Will we remember the Internet before 2011 as B.W. (before WikiLeaks) ?

The whole WikiLeaks story raised a few comments I want to briefly share.

First, I was amazed to see that the global organic protest for the WikiLeaks cause has led to tens (if not hundreds) of thousands of voluntary downloads of the botnet malware to participate in the global DDoS attack against WikiLeaks opponents. To the best of my knowledge (please comment and correct if I’m wrong), this is the first time in security history that people around the globe deliberately infect themselves with malware to fight for a cause. This isn’t any innocent fact like a blog or a Facebook group gathering millions of supporters, we’re actually looking at a form of modern digital weapon having the potential to disrupt operations of billions of legitimate users with consequences that may go far beyond the somewhat “simple” unavailability of one service. In our services led economy, this is a major issue. Paradoxically many claim this to be some form of ethical hacking allowing the voices of the small and the under-represented to be “heard” in the name of transparency and freedom of information. In any case, never in the past has digital protesting had such a tool to cast their voices. How this whole story unfolds and what position governments will take will be highly interesting to follow. We may actually be at a historical turning point of the Internet. Will we one day remember the Internet before 2011 as B.W. (before WikiLeaks) ? Hopefully not. Feel free to jump in and comment…

The second point I couldn’t help thinking about in connection with the WikiLeaks issue is the whole debate about “responsibility” and Ethics. Corporate Social Responsibility (CSR) has been around for a while now. It is being taught in almost every business school and in specialized master programs. Likewise, Compliance issues have led to a growing importance of regulatory frameworks following many financial scandals such as Enron, Worldcom, Martha Stewart, etc. More recently, the issue of a global financial crisis emerged and kind of vanished without actually being really addressed. Would we even be talking about this if people were more responsible and accountable for their actions ? Would WikiLeaks have even existed ?

So, the point is the following : both issues mentioned above relate to problems that have become global in their very nature and for which traditional remedies and approaches cannot apply any more (territorially bound legislation, global treaties, UN, centralization).

Internet Governance and Net Neutrality will require new approaches. Maybe not as technological and / or legal as one may think. Responsibility and accountability might be part of the equation. Acknowledging and taking into account the human factor appears to be the most promising direction to address many such problems. Eventually, it could even prove to be a major source of Empowerment for people in their roles and duties. This is the exact point that led me to consider managing exceptions in information security which may sound totally counterintuitive at first sight (at least from a traditional point of view), but holds a lot of value when assuming people are : free moral actors, responsible; and technology is used to help and empower them rather than something to be circumvented in order to get the job done.

Call for Action – let’s unite to propose a “Grassroots DRM Day”

Today, May 4th, is “The Day Against DRM”. It’s a very sad day ! While I think DRM is fundamentally flawed by design we’re still stuck in this extremism debate going nowhere anytime soon. Apple has sold its 1’000’000th (1 million) iPad last Friday, 28 days since its launch, 12 million apps downloaded and 1.5 million ebooks. Let’s face the facts, compared to the number of signatures collected against the iPad this device is rocking its world despite the DRM issues. Basically, the user experience by far outweighs the problems. I’ve written an Open Letter to DefectiveByDesign.org about this here.

So, here’s my proposition for today. It’s a call for action: let’s unite to propose a “Grassroots DRM Day”, a day to co-creatively Rethink and Redesign DRM. Drop me a note if you feel like participating (I’ll set up a page in case there’s a critical mass of people who want to take action) (See LibrePlanet Wiki)

Information Security Management : A Wake Up Call !

A great article by Thomas Kendra (Symantec) posted in the Financial Times, Digital Business, Personal View (Dec. 5, 2007) urging for the need to adopt a “fresh approach” to information security management given the new challenges posed by our modern organizational structures. These now involve increasing interorganizational processes, insider threats and ubiquitous computing infrastructures. Obviously, this is “music to my ears” given my research interests in Enterprise DRM and Digital Policy Management (DPM).
Basically the whole point addresses the issue of how to go beyond current security approaches which are now insufficient and consequently fail given these new challenges. Or in other words, how do we address the current weakest link of information security basically boiling down to People and Mobility. And as we all know, security is only as good as its weakest link.

So, despite the “YouNameIt++ frenzy” (trend consisting of giving and incrementing version numbers to reflect the next generation of challenges in a topic, e.g., Web 2.0, Web 3, Identity 2.0, etc.) he calls for “Security 2.0” saying it builds on traditional security (Security 1.0) adding protection at the level of the information itself and the interactions.

Interestingly, Enterprise DRM is currently one of the possible technologies used in the corporate environment to address some of these issues trying to persistently protect and manage content no matter where it resides (i.e., including outside traditional corporate perimeters). As a result, this brings the granularity of the protection down to the individual information level by cryptographically associating governing rules to the content. Moreover, given the criticality of the managed content it is also possible to dynamically adapt those rules in real time thus allowing to basically “recall” content if needed.
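The rule-bound key release described above can be sketched as follows. This is an added example, not code from the article or from any Enterprise DRM product: the `PolicyServer` class, its rule format and the document and user names are assumptions, and encrypting the content itself under the released key (for instance with an AEAD cipher) is left out.

```python
import hashlib
import hmac
import os


class PolicyServer:
    """Hypothetical key-release service; names and rule format are assumptions."""

    def __init__(self):
        self._master = os.urandom(32)  # master secret, never leaves the server
        self._rules = {}               # doc_id -> {"readers": set, "recalled": bool}

    def _content_key(self, doc_id):
        # Per-document key derived from the document identity: a header edited
        # to name another document yields a key that cannot decrypt this one.
        return hmac.new(self._master, b"content-key:" + doc_id.encode(),
                        hashlib.sha256).digest()

    def protect(self, doc_id, readers):
        """Register the rules; return the key the packager encrypts with."""
        self._rules[doc_id] = {"readers": set(readers), "recalled": False}
        return self._content_key(doc_id)

    def grant(self, doc_id, user):
        self._rules[doc_id]["readers"].add(user)

    def recall(self, doc_id):
        self._rules[doc_id]["recalled"] = True

    def request_key(self, doc_id, user):
        """Evaluate the current rules at open time; None means access denied."""
        rule = self._rules.get(doc_id)
        if rule is None or rule["recalled"] or user not in rule["readers"]:
            return None
        return self._content_key(doc_id)


def demo():
    server = PolicyServer()
    key = server.protect("report-2007", {"alice"})   # constructed sample ids
    before = server.request_key("report-2007", "bob")
    server.grant("report-2007", "bob")               # rule changed after distribution
    after = server.request_key("report-2007", "bob")
    server.recall("report-2007")                     # recall: no key for anyone
    recalled = server.request_key("report-2007", "alice")
    return key, before, after, recalled
```

Recall in this model only takes effect for clients that ask the server on every open and do not keep the key afterwards, which is why such schemes depend on a trusted viewer on the endpoint.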

Our environment cannot rely anymore only on perimeter based security, Access Control, and secure communication channels. We’ve passed the point of no return and need to address information security in a way that accommodates current and future business practices.

Two problems arise here : First Interoperability and the lack of standards in the field of Enterprise DRM. We cannot rely on vendor specific proprietary solutions. Second, most deployed solutions today address specific needs in siloed approaches (e.g., SOX, Basel II, HIPAA, IP protection, etc.). As a result, the field needs to take a step back and rethink the whole problem at a higher abstraction level in terms of Policies and how they are managed. Some of which may be electronically instrumented through technical means (e.g., Enterprise DRM). This is Digital Policy Management, an emerging and very important research area I’m working on. I have set up a page for this in order to generate and stimulate discussion on these issues here: The Digital Policy Management (DPM) Page. Everyone is welcome to join the conversation (practitioners and researchers) on all aspects of the problem (engineering, management, legal, social, ethical, behavioral, etc.)

Source : FT.com, Dec. 5, 2007, New Threats call for a fresh approach, Personal View by Tom Kendra